Answers

Blocking Tor

Does anyone have a good way to block the Tor network on an ongoing basis. I have ASM and IPI, but what I am finding is that the Tor IP addresses are not falling under any of the IPI categories even Anonymous Proxy. I also find that the Anonymous proxy category contains a lot of high utilized cloud proxy services so I don't find it to be a viable category to block for our web sites.

I am running 11.4.1 right now and just trying to see if anyone has a way they have been using that keeps up with Tors changing IP addresses.

Answers to this Question

IP Intelligence Service should be add to your Big-IP ASM, IPI gets its intelligence from webroot/brightcloud every 10 mins. You can check a rating here. If you disagree with the rating you can request a change right from the output page. Once the change goes into affect you should get the update within 10 mins and the alarming/blocking behavior you are looking for.also Check your IP from here to see if it is listed: http://www.brightcloud.com/tools/url-ip-lookup.php, If yes, there could be possibly policy misconfiguration on your ASM policy